Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted upx-ucl 3.96-2+deb11u1 (source) into oldstable-security
Date: Wed, 11 Dec 2024 17:00:22 +0000
Signed by: Sylvain Beucler <beuc@beuc.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 11 Dec 2024 16:08:01 +0100
Source: upx-ucl
Architecture: source
Version: 3.96-2+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Robert Luberda <robert@debian.org>
Changed-By: Sylvain Beucler <beuc@debian.org>
Closes: 1033258
Changes:
 upx-ucl (3.96-2+deb11u1) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2023-23456: A heap-based buffer overflow issue was discovered in
     UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker
     to cause a denial of service (abort) via a crafted file.
     (Closes: #1033258)
   * debian/salsa-ci.yml: init CI config.
Checksums-Sha1:
 6c682112e76be03707f2cf1a26364f28ee173d96 1899 upx-ucl_3.96-2+deb11u1.dsc
 53c36d5ba589ded10a6bbd1c58cb74c466ca3204 792524 upx-ucl_3.96.orig.tar.xz
 6eea49a9edf0974e9320ed043309a2c851942cb3 58920 upx-ucl_3.96-2+deb11u1.debian.tar.xz
 c55716aaf4d8b6cb1e7dae1d9bf4b0695e3ba734 6158 upx-ucl_3.96-2+deb11u1_amd64.buildinfo
Checksums-Sha256:
 36bb47ce186c6702aa696cf97ee03d0a4ec631b183afd41c0252d7c399bbb34e 1899 upx-ucl_3.96-2+deb11u1.dsc
 47774df5c958f2868ef550fb258b97c73272cb1f44fe776b798e393465993714 792524 upx-ucl_3.96.orig.tar.xz
 e038384c070f99645f1679e493b85adc5c96c5772b1a8b0218d332b002d0b29f 58920 upx-ucl_3.96-2+deb11u1.debian.tar.xz
 8a5795906d1db46412ce8ddfdf440b4b3afafd89794f1e898a687fc45aeaa93f 6158 upx-ucl_3.96-2+deb11u1_amd64.buildinfo
Files:
 90f723f6b0285c4604b82d4d0714b4d5 1899 utils optional upx-ucl_3.96-2+deb11u1.dsc
 bf5564f33fe9062bc48b53abd4b34223 792524 utils optional upx-ucl_3.96.orig.tar.xz
 d1bdbdb756e12ad2b0672aa2d41b4ae7 58920 utils optional upx-ucl_3.96-2+deb11u1.debian.tar.xz
 1fa7fd0ce754fb060ace981a992143da 6158 utils optional upx-ucl_3.96-2+deb11u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmdZwTQACgkQDTl9HeUl
XjDmdA/+KGo5uoMm2ayPw9G72EGeKSERqfpR8e1vECVUwxAxcx/1zsf54aJRudzW
DbNiM4KiWwMpdQsLjOVI6H3ve3SZA61z/uW8XmPu/wNEYEy2eOincv0w2YXo+DNF
kqgbvKC4Wea1vSmjdNpzYbv0FrFEMKEfWTfpdeB7G5C9gU5kWcGZKuRlpEfVg0fn
ibHWsh2JobS8oDP5eiY48ODroX6y5+sJwYpcuAJgXKdrKFSf3FD+ZeJnL4mWdhKQ
4hlKnRsoafW1W0oVivgcFMwd9LWhH5ebbTkdosyPEbNJPlRJtsWfvvMtaNPS+fcB
GUcDofCNvQz+6zCxnJ2H+BsgcX86zZWUWKaovYYK2o+MJq748qLOMveOWVj1n0lc
e+FNSoWq4ZXV+Fjq1CUM+7pEUTw1gqFovyHFvspAuB/fcvWwuNyYR3dzbcQmL+ks
JHPZZ3irbCL5H9PkfWqiSREyx0SB1Q6qGnDueSKp38j0i6YzkmDVsC71uAAm6pDL
RRjEOI0YWoIDtJOrU+AR+UlPfe6GrBhWBsCd++778BVvJBF6sv4Q+FrX9/FowJ1J
vVJ9cduWIrlDvOA4oFQeDIc1weMCJ576sZCOczcwijgkFmRvCmQ6QTMQ0s8+cK0R
PKM99JMlGx3058IOYJYq+4sWeH+XKpetPRmuvMwvI/5KEZdrl9s=
=gAFk
-----END PGP SIGNATURE-----

News for package upx-ucl